Jinchen Sheng

**Name of the Vulnerable Software and Affected Versions** Apache Kylin 2 versions 2.6.6 and prior Apache Kylin 3 versions 3.1.2 and prior **Description** The issue is related to the MySQL JDBC driver in Apache Kylin, which can allow an attacker to execute arbitrary code from a malicious MySQL server within Kylin server processes if certain properties are left unmitigated. This can be exploited by a remote attacker. **Recommendations** For Apache Kylin 2 versions 2.6.6 and prior, update to a version later than 2.6.6 to resolve the issue. For Apache Kylin 3 versions 3.1.2 and prior, update to a version later than 3.1.2 to resolve the issue. As a temporary workaround, consider restricting the use of the MySQL JDBC driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache DolphinScheduler versions prior to 1.3.6 **Description** The issue is related to errors in privilege management, allowing remote attackers to execute arbitrary SQL queries. Specifically, authorized users can use SQL injection in the data source center when using a MySQL data source with an internal login account password. **Recommendations** For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the data source center for MySQL data sources with internal login account passwords until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Jenkins Blue Ocean Plugin versions 1.23.2 and earlier **Description** The issue concerns an undocumented feature flag that allows an attacker with specific permissions to read arbitrary files on the Jenkins controller file system. The flag `blueocean.features.GIT READ SAVE TYPE` can be set to the value `clone` to enable this capability, affecting users with Item/Configure or Item/Create permission. **Recommendations** For Jenkins Blue Ocean Plugin versions 1.23.2 and earlier, consider updating to version 1.23.3 or later, which no longer includes the vulnerable feature and redirects existing usage to a safer alternative.

**Name of the Vulnerable Software and Affected Versions** Jenkins Blue Ocean Plugin versions 1.23.2 and earlier **Description** A missing permission check in the Jenkins Blue Ocean Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. The HTTP request itself is legitimate, but only authorized users should be able to perform it. This issue affects several HTTP endpoints implementing connection tests. **Recommendations** For Jenkins Blue Ocean Plugin versions 1.23.2 and earlier, update to version 1.23.3 or later, which requires Item/Create permission to perform connection tests, thereby addressing the missing permission check issue.